Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/MF0tVs-2_iz2rNuQwYEEFEv_L7c.roa
File:                     MF0tVs-2_iz2rNuQwYEEFEv_L7c.roa (raw, json)
Hash identifier:          VEHL6VT1/TXHKQmh1725lnbh3/jt/yMNCTDJWVhVrOQ=
Subject key identifier:   30:5D:2D:56:CF:B6:FE:2C:F6:AC:DB:90:C1:81:04:14:4B:FF:2F:B7
Certificate issuer:       /CN=5eba57e1707e43b2fa97fceb078a5d460e56c1bf
Certificate serial:       018CC3B6714830CA67F2BD270C8F9A4EDC96
Authority key identifier: 5E:BA:57:E1:70:7E:43:B2:FA:97:FC:EB:07:8A:5D:46:0E:56:C1:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/MF0tVs-2_iz2rNuQwYEEFEv_L7c.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200854
IP address blocks:        185.93.179.0/24 maxlen: 24
                          185.93.178.0/24 maxlen: 24
                          185.93.177.0/24 maxlen: 24
                          185.93.176.0/22 maxlen: 22
                          185.93.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:48:30:ca:67:f2:bd:27:0c:8f:9a:4e:dc:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eba57e1707e43b2fa97fceb078a5d460e56c1bf
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=305d2d56cfb6fe2cf6acdb90c18104144bff2fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:91:86:85:f3:23:7f:aa:0b:00:f2:8c:66:
                    cb:ca:d2:13:f2:4c:71:7b:b6:11:92:97:27:5b:e2:
                    53:fd:44:66:6d:02:cc:ae:95:a2:59:a8:26:3a:59:
                    59:ee:1d:d2:6b:0e:39:1e:f7:b0:88:fd:75:cc:34:
                    f0:2c:93:b6:15:76:75:ed:88:52:86:79:12:d0:dd:
                    3e:65:c4:86:7b:2c:36:30:58:71:23:44:b0:a1:f1:
                    81:53:f0:23:0b:7e:65:a9:7d:9b:6b:5d:9c:bf:ad:
                    33:d8:ec:68:bf:70:a9:04:bf:50:48:85:74:0e:de:
                    3e:ac:33:9d:b0:bb:de:60:f9:6b:ba:2e:45:94:2b:
                    14:cc:9a:2a:8e:dc:25:7e:c1:fc:df:55:ad:60:b6:
                    97:06:0c:77:6a:5d:18:d5:f6:35:0e:47:69:03:43:
                    89:23:19:5b:bb:12:49:9f:af:87:08:50:48:9e:5a:
                    23:e0:a1:1e:cd:df:76:66:d0:c6:c6:41:22:1d:a9:
                    9a:85:90:fe:17:c9:36:f4:d7:79:ff:5e:35:43:fc:
                    f7:a3:de:6c:7a:87:86:c1:ef:87:bf:a4:16:de:fa:
                    d2:66:93:24:a7:85:d9:12:86:29:86:2f:65:df:74:
                    5f:df:bf:e7:ab:06:f8:fa:84:c5:db:67:96:bc:1f:
                    0b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:5D:2D:56:CF:B6:FE:2C:F6:AC:DB:90:C1:81:04:14:4B:FF:2F:B7
            X509v3 Authority Key Identifier:
                keyid:5E:BA:57:E1:70:7E:43:B2:FA:97:FC:EB:07:8A:5D:46:0E:56:C1:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/MF0tVs-2_iz2rNuQwYEEFEv_L7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cbcac6-abeb-4a38-8ccc-b5972709bb02/1/XrpX4XB-Q7L6l_zrB4pdRg5Wwb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:a7:d6:4e:14:db:e2:71:8b:3e:c6:4a:e1:c5:7e:3e:c1:d5:
         be:e3:f8:55:08:47:fc:a2:4c:26:88:4d:57:a5:ad:61:c2:44:
         84:c9:a5:c1:fd:3f:1f:eb:43:a2:89:ec:00:a3:c1:bf:fd:87:
         68:11:7b:8b:9f:5b:05:f4:f9:c8:45:ae:98:8f:46:98:7e:60:
         6e:e7:9e:8a:55:6f:44:dc:27:b8:51:b4:1b:4b:bc:3a:ae:32:
         06:45:f5:b8:4c:46:5f:e6:3d:bf:9e:2d:02:fa:ce:c8:68:d9:
         e7:b3:66:01:5b:ee:c2:75:f4:68:d2:27:dd:a9:9b:6c:9b:cb:
         6b:93:cf:fc:15:f4:9b:ce:e5:a4:15:ac:47:bb:4e:3d:4d:5b:
         c4:f5:75:85:2d:9b:af:e1:4a:5e:ff:66:fb:ba:b0:96:4c:1b:
         3f:7b:b0:ee:6a:d3:b9:1d:06:a4:ad:8e:fb:1a:2d:cd:bb:16:
         c5:04:75:63:fe:ed:bf:88:56:1d:8b:11:0c:91:77:fd:84:c7:
         62:a3:8b:61:64:b8:ef:7e:25:b8:aa:af:74:e2:2c:1b:97:4e:
         f1:e7:49:a7:de:b7:15:13:a7:53:0d:ed:f8:7e:a7:ec:52:7c:
         f7:7b:3d:1e:6c:de:d3:63:0e:c0:1b:84:9d:9e:52:eb:88:02:
         27:9e:1e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnFIMMpn8r0nDI+aTtyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYmE1N2UxNzA3ZTQzYjJmYTk3ZmNlYjA3OGE1ZDQ2MGU1
NmMxYmYwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDVkMmQ1NmNmYjZmZTJjZjZhY2RiOTBjMTgxMDQxNDRiZmYyZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvORhoXzI3+qCwDyjGbLytIT8kxx
e7YRkpcnW+JT/URmbQLMrpWiWagmOllZ7h3Saw45HvewiP11zDTwLJO2FXZ17YhS
hnkS0N0+ZcSGeyw2MFhxI0SwofGBU/AjC35lqX2ba12cv60z2Oxov3CpBL9QSIV0
Dt4+rDOdsLveYPlrui5FlCsUzJoqjtwlfsH831WtYLaXBgx3al0Y1fY1DkdpA0OJ
IxlbuxJJn6+HCFBInloj4KEezd92ZtDGxkEiHamahZD+F8k29Nd5/141Q/z3o95s
eoeGwe+Hv6QW3vrSZpMkp4XZEoYphi9l33Rf37/nqwb4+oTF22eWvB8LTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBdLVbPtv4s9qzbkMGBBBRL/y+3MB8GA1UdIwQY
MBaAFF66V+FwfkOy+pf86weKXUYOVsG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHJwWDRYQi1RN0w2bF96ckI0cGRSZzVXd2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jYmNhYzYtYWJlYi00YTM4LThjY2Mt
YjU5NzI3MDliYjAyLzEvTUYwdFZzLTJfaXoyck51UXdZRUVGRXZfTDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jYmNhYzYtYWJlYi00YTM4LThjY2MtYjU5NzI3MDliYjAy
LzEvWHJwWDRYQi1RN0w2bF96ckI0cGRSZzVXd2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV2wMA0G
CSqGSIb3DQEBCwUAA4IBAQCXp9ZOFNvicYs+xkrhxX4+wdW+4/hVCEf8okwmiE1X
pa1hwkSEyaXB/T8f60OiiewAo8G//YdoEXuLn1sF9PnIRa6Yj0aYfmBu556KVW9E
3Ce4UbQbS7w6rjIGRfW4TEZf5j2/ni0C+s7IaNnns2YBW+7CdfRo0ifdqZtsm8tr
k8/8FfSbzuWkFaxHu049TVvE9XWFLZuv4Upe/2b7urCWTBs/e7DuatO5HQakrY77
Gi3NuxbFBHVj/u2/iFYdixEMkXf9hMdio4thZLjvfiW4qq904iwbl07x50mn3rcV
E6dTDe34fqfsUnz3ez0ebN7TYw7AG4SdnlLriAInnh4N
-----END CERTIFICATE-----